Use one of the two approaches below to involve and educate staff on privacy issues. The second method uses a more structured approach.
1. Protected health information (PHI) is confidential information that includes a patient's identity and medical information. Identify instances where PHI is maintained in a confidential manner. Write each instance on an incidental disclosure findings sheet, identifying date, time, location, and staff member responsible. Discuss a potential solution with the staff member and each sign off on the finding sheet that the solution will be tried. Follow up one week later.
2. PHI is patient-identifiable medical information that should be kept confidential. Here are examples of incidental disclosures of PHI that we want to safeguard against. For each disclosure you identify, record on the incidental disclosure log the date, time, location, and staff member responsible. Discuss a potential solution and each sign off on the log that the solution will be tried. Follow up one week later.
These sample forms were developed for discussion purposes only. They should not be used without review by your organization's legal counsel to
ensure compliance with local, state, and federal law.
Web Extra, accompanying the article "On the Fast Track to Privacy Rule Compliance." Journal of AHIMA 73, no.2 (February 2002): .